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IN THE CLAIMS : 

Please AMEND claims 12, 21, and 23; and 
Please ADD claims 24-27 as follows: 

1 . (Previously Presented) A method, comprising: 
authenticating a mobile node by an access router; 

authorizing the mobile node to participate in a candidate access router discovery 
procedure; 

maintaining, by the access router within a mobile internet protocol environment, a 
cache of neighboring access routers as handover candidates, capabilities of the 
neighboring access routers, and associated access points of the neighboring access 
routers, wherein access routers are considered neighbors only if the access routers 
comprise access points with overlapping coverage areas; and 

populating the cache with a cache entry in response to a handover action of the 
mobile node, wherein the cache entry concerns a neighboring access router, the 
capabilities of the neighboring access router, and an associated access point from which 
the mobile node is handed over, 

wherein the cache entry is tagged with authentication information of the mobile 
node, and 

wherein a total number of cache entries that can be tagged and thus introduced into 
the cache by the mobile node is limited. 
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2. (Cancelled) 



3. (Previously Presented) The method according to claim 1, wherein the 
mobile node is authenticated by using at least one of an international mobile subscriber 
identity for cellular communication systems and a network access identifier for systems 
based on internet protocol. 

4. (Previously Presented) The method according to claim 1 5 further 
comprising: 

receiving a token within a message specific to the candidate access router 
discovery procedure from the mobile node by the access router as a selected handover 
candidate after a handover procedure of the mobile node between a previous access 
router and the access router, wherein the token is generated by the previous access router 
and is sent from the previous access router to the mobile node within a message 
comprising a list of candidate access routers; and 

sending the token within a neighbor exchange between the access routers from the 
access router back to the previous access router for verification, wherein the access 
routers are configured to one of create and refresh cache entries concerning the respective 
other access router, the capabilities of the respective other access router, and the 
associated access point of the respective other access router. 
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5. (Previously Presented) The method according to claim 4, 

wherein the token is generated by maintaining by the previous access router a 
short list of random values used as keys to hash the identity of the mobile node, 

wherein each key in the short list is associated with an integer index that is passed 
along with the token, and 

wherein upon receiving the token for verification, the previous access router uses 
the integer index to lookup the associated key, hash the identity of the mobile node sent 
in the neighbor exchange, and compare the hash to the token. 

6. (Previously Presented) The method according to claim 5, wherein with 
progressing time new keys are generated and added to the head of the list while old keys 
are expired and removed so that from the length of the list and the frequency of the 
generated new keys, the total amount of time the mobile node has been attached is 
determined. 

7. (Previously Presented) A system, comprising: 

a plurality of access routers within a mobile internet protocol environment, each of 
the access routers configured to authenticate a mobile node, to authorize the mobile node 
to participate in a candidate access router discovery procedure, and to maintain a cache of 
neighboring access routers as handover candidates, capabilities of the neighboring access 
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routers, and associated access points of the neighboring access routers, wherein the 
access routers are considered neighbors only if the access routers comprise access points 
with overlapping coverage areas; and 

a plurality of mobile nodes, each of the mobile nodes configured to perform a 
handover action between the access routers, 

wherein the cache is configured to be populated with a cache entry in response to 
the handover action of the mobile node, wherein the cache entry concerns a neighboring 
access router, the capabilities of the neighboring access router, and an associated access 
point from which the mobile node is handed over, and wherein the cache is further 
configured to tag the cache entry with authentication information of the handover action 
performing mobile node, and to limit a total number of entries that can be tagged and thus 
introduced into the cache by any given mobile node. 

8-11. (Cancelled) 

12. (Currently Amended) An apparatus, comprising: 
a first controller configured to authenticate a mobile node; 

a second controller configured to authorize the mobile node to participate in a 
candidate access router discovery procedure; and 

a cache of neighboring access routers as handover candidates, capabilities of the 
neighboring access routers, and associated access points of the neighboring access 
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routers, wherein access routers are considered neighbors only if the access routers 
comprise access points with overlapping coverage areas^f 

wherein the cache is configured to be populated with a cache entry in response to a 
handover action of the mobile node, wherein the cache entry concerns a neighboring 
access router, the capabilities of the neighboring access router, and an associated access 
point from which the mobile node is handed over, and wherein the cache is further 
configured to tag the cache entry with authentication information of the handover action 
performing mobile node, and to limit a total number of entries that can be tagged and thus 
introduced into the cache by any given mobile node. 



13. (Cancelled) 



14. (Previously Presented) The apparatus according to claim 12, further 
comprising: 

a receiver configured to receive a token within a message specific to the candidate 
access router discovery procedure from the mobile node after a handover procedure of 
the mobile node between a previous access router and the access router, wherein the 
previous access router is configured to generate the token and to send the token to the 
mobile node within a message comprising a list of candidate access routers; and 

a transmitter configured to send the token within a neighbor exchange with the 
previous access router for verification, wherein a cache entry concerning the previous 

- 6 - Application No. 10/785,407 



access router, the capabilities of the previous access router, and the associated access 
point of the previous access router is one of created and refreshed, and wherein the 
previous access router comprises a verifier configured to verify the token. 

15. (Previously Presented) The apparatus according to claim 14, 

wherein the previous access router comprises a first hashing unit configured to 
hash the identity of the mobile node by using random values out of a short list as keys, 
and an associating unit configured to associate each key in the list with an integer index, 
and 

wherein the verifier comprises a lookup table for integer indices and the associated 
keys, a second hashing unit configured to hash the identity of the mobile node and a 
comparing unit configured to compare the hash to the token. 

16. (Previously Presented) The apparatus according to claim 15, wherein the 
previous access router is configured to generate new keys with progressing time, to add 
the new keys to the head of the list, and to remove old keys. 

17-20. (Cancelled) 



21. (Currently Amended) The apparatus according to claim 16, wherein forther 
comprising: the previous access router comprises a determiner configured to determine a 
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total amount of time thea mobile node has been attached from the length of the list and 
the frequency of the generated new keys. 

22. (Previously Presented) A computer program, embodied on a computer 
readable medium, for controlling a processor to implement a method, the method 
comprising: 

authenticating a mobile node by an access router; 

authorizing the mobile node to participate in a candidate access router discover 
procedure; 

maintaining, by the access router within a mobile internet protocol environment, a 
cache of neighboring access routers as handover candidates, capabilities of the 
neighboring access routers, and associated access points of the neighboring access 
routers, wherein access routers are considered neighbors only if the access routers 
comprise access points with overlapping coverage areas; and 

populating the cache with a cache entry in response to a handover action of the 
mobile node, wherein the cache entry concerns a neighboring access router, the 
capabilities of the neighboring access router, and an associated access point from which 
the mobile node is handed over, wherein the cache entry is tagged with authentication 
information of the mobile node, and wherein a total number of cache entries that can be 
tagged and thus introduced into the cache by the mobile node is limited. 
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23. (Currently Amended) An apparatus, comprising: 
authentication means for authenticating a mobile node; 

authorization means for authorizing the mobile node to participate in a candidate 
access router discovery procedure; and 

caching means for storing neighboring access routers as handover candidates, 
capabilities of the neighboring access routers, and associated access points of the 
neighboring access routers, wherein access routers are considered neighbors only if they 
comprise access points with overlapping coverage areas^f 

wherein the caching means is configured to be populated with a caching means 
entry in response to a handover action of the mobile node, wherein the caching means 
entry concerns a neighboring access router, the capabilities of the neighboring access 
router, and an associated access point from which the mobile node is handed over, and 
wherein the caching means is further configured to tag the caching means entry with 
authentication information of the handover action performing mobile node, and to limit a 
total number of entries that can be tagged and thus introduced into the caching means by 
any given mobile node. 

24. (New) The method according to claim 1, further comprising: 

receiving a token within a message specific to the candidate access router 
discovery procedure from the mobile node by the access router as a selected handover 
candidate after a handover procedure of the mobile node between a previous access 
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router and the access router, wherein the token is generated by the previous access router 
and is sent from the previous access router to the mobile node within a message 
comprising a list of candidate access routers; and 

receiving the token within a neighbor exchange between the access routers from 
the previous access router to the access router for verification, wherein the access routers 
are configured to one of create and refresh cache entries concerning the respective other 
access router, the capabilities of the respective other access router, and the associated 
access point of the respective other access router. 

25. (New) The method according to claim 24, 

wherein the token is generated by maintaining by the previous access router a 
short list of random values used as keys to hash the identity of the mobile node, 

wherein each key in the short list is associated with an integer index that is passed 
along with the token, and 

wherein upon receiving the token for verification, the access router uses the 
integer index to lookup the associated key, hash the identity of the mobile node sent in 
the neighbor exchange, and compare the hash to the token. 

26. (New) The apparatus according to claim 12, further comprising: 

a receiver configured to receive a token within a message specific to the candidate 
access router discovery procedure from the mobile node after a handover procedure of 
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the mobile node between a previous access router and the access router, wherein the 
previous access router is configured to generate the token and to send the token to the 
mobile node within a message comprising a list of candidate access routers, 

wherein the receiver is configured to receive the token within a neighbor exchange 
with the previous access router for verification, and wherein a cache entry concerning the 
previous access router, the capabilities of the previous access router, and the associated 
access point of the previous access router is one of created and refreshed; and 

a verifier configured to verify the token. 

27. (New) The apparatus according to claim 26, 

wherein the previous access router comprises a first hashing unit configured to 
hash the identity of the mobile node by using random values out of a short list as keys, 
and an associating unit configured to associate each key in the list with an integer index, 
and 

wherein the verifier comprises a lookup table for integer indices and the associated 
keys, a second hashing unit configured to hash the identity of the mobile node and a 
comparing unit configured to compare the hash to the token. 
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